aws_hosted_zones

Use the aws_hosted_zone resource to test a specific hosted zone configuration.

Syntax

    describe aws_hosted_zone('zone-name') do
      it { should exist }
      its ('name_servers.count') { should eq 4 }
      its ('private_zone') { should be false }
      its ('record_names') { should include 'sid-james.carry-on.films.com' }
    end

Parameters

This resource takes one parameter, the name of the hosted zone to validate.

Properties

Property Description
name The name of the hosted zone.
id It’s id.
name_servers List of the associated name servers
private_zone If the hosted zone if private or public
record_count Number of associated records
records The associated records, flattens the list, so each rule will have multiple records for each type

Examples

Ensure a specific hosted zone exists
    describe aws_hosted_zone('zone-name') do
      it { should exist }
    end

Matchers

This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.

exist

The control will pass if the describe passes all tests.

Use exist to validate the hosted zone exists describe aws_hosted_zone('zone-name') do it { should exist } end Use should_not to test the entity should not exist. describe aws_hosted_zone('zone-name') do it { should_not exist } end

should

The control will pass if the describe passes all tests.

Use should to validate the hosted zone if public or private, the number of name servers is correct or that a specific record exists e.g.

    describe aws_hosted_zone('zone-name') do
      it { should exist }
      its ('name_servers.count') { should eq 4 }
      its ('private_zone') { should be false }
      its ('record_names') { should include 'sid-james.carry-on.films.com' }
    end

AWS Permissions

Your Principal will need the route53:ListHostedZones action with Effect set to Allow.

You can find detailed documentation at Amazon Route 53